Bugtraq mailing list archives
portmaper/process table flood exploit?
From: lordvadr () POBOX COM (C.J. Oster)
Date: Tue, 4 May 1999 13:41:07 -0500
Aleph, my apologies if this has already been posted. I did a quick search and didn't find anything. Early this morning my machine crashed because of a ypserv flood on portmap. I'm not sure exactly what happened because of my lack of familiarity with nis and portmap. Here's the logs. May 2 04:02:16 localhost portmap[1556]: connect from 130.126.85.3 to callit(ypserv): request from unauthorized host May 2 04:02:28 localhost portmap[1557]: connect from 130.126.85.3 to callit(ypserv): request from unauthorized host May 2 04:03:13 localhost portmap[1559]: connect from 130.126.85.3 to callit(ypserv): request from unauthorized host May 2 04:03:17 bh-ridgway portmap[1560]: connect from 130.126.85.3 to callit(ypserv): request from unauthorized host . . . . May 2 05:00:57 localhost portmap[1943]: connect from 130.126.85.3 to callit(ypserv): request from unauthorized host May 2 05:01:07 loralhost portmap[1946]: connect from 130.126.85.3 to callit(ypserv): request from unauthorized host May 2 05:01:19 localhost portmap[1947]: connect from 130.126.85.3 to callit(ypserv): request from unauthorized host 254 of them, then bang, dead. I'm assuming it's a process table flood or something of the sort. Or perhapse a portmap exploit that I'm not aware of. I run 2.2.5, dual pentium 200mmx, and the offending machine is another linux machine running the 2.1 or the 2.2 kernel (at least that's what queso says). Any ideas? Thanks in advance. -CJO- C.J. Oster (Linux Guru/Surge Addict) ------------------------------------------------------------------ | cjo () pobox com | 910 S. 3rd St, #1218 | CCSO, WSG, UIUC | | oster () uiuc edu | Champaign, IL 61820 | 1443 DCL, Urbana | | ---------------------------------------------------------------| | PGP: 87D5 4216 43A1 42D6 754D 8F5E 24B3 992A B7A1 F556 | ------------------------------------------------------------------ (580)761-6393 (217)328-8934 "Linux, for people with an IQ above 98" - Bumper Sticker "Hm, a little big for a cup holder... Why does it say '4x' on it?"
Current thread:
- Re: Buffer overflow in ftpd and locate bug [tgo] (Apr 30)
- <Possible follow-ups>
- Re: Buffer overflow in ftpd and locate bug Przemyslaw Frasunek (May 02)
- Re: Buffer overflow in ftpd and locate bug Eugeny Kuzakov (May 03)
- Re: Buffer overflow in ftpd and locate bug Andrew Pitman (May 06)
- CALL FOR PAPERS: EICAR 2000 -- Student Scholarships (fwd) Ken Williams (May 04)
- portmaper/process table flood exploit? C.J. Oster (May 04)
- Re: Buffer overflow in ftpd and locate bug Eugeny Kuzakov (May 03)
- Re: Buffer overflow in ftpd and locate bug Crispin Cowan (May 03)